GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Fri Sep 19, 2014 10:26 pm Post subject: [ GLSA 201409-08 ] libxml2: Denial of Service
Gentoo Linux Security Advisory
Title: libxml2: Denial of Service (GLSA 201409-08)
Severity: normal
Exploitable: remote
Date: September 19, 2014
Bug(s): #509834
ID: 201409-08
Synopsis
A vulnerability in libxml2 allows a remote attacker to cause Denial
of Service.
Background
libxml2 is the XML C parser and toolkit developed for the Gnome project.
Affected Packages
Package: dev-libs/libxml2
Vulnerable: < 2.9.1-r4
Unaffected: >= 2.9.1-r4
Architectures: All supported architectures
Description
A vulnerability in the xmlParserHandlePEReference() function of
parser.c, when expanding entity references, can be exploited to consume
large amounts of memory and cause a crash or hang.
Impact
A remote attacker may be able to cause Denial of Service via a specially
crafted XML file containing malicious attributes.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r4"
References
CVE-2014-0191
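A post-upgrade check against the affected range given above (vulnerable: < 2.9.1-r4), as an added example that is not part of the original advisory. The function names are hypothetical, and the comparison is a simplification that assumes dotted numeric versions with an optional -rN revision, which is the form libxml2 versions take in this advisory.

```shell
#!/bin/sh
# Added example: compare a libxml2 version string against the first
# unaffected version named in the advisory (2.9.1-r4).
FIXED="2.9.1-r4"

# Split "2.9.1-r3" into base "2.9.1" and revision "3" (no -rN means r0).
ver_base() { printf '%s\n' "${1%%-r*}"; }
ver_rev() {
    case "$1" in
        *-r*) printf '%s\n' "${1##*-r}" ;;
        *)    printf '0\n' ;;
    esac
}

# ver_lt A B: succeed if version A sorts strictly before version B.
# Components are compared numerically, so 2.10.0 is newer than 2.9.1.
ver_lt() {
    a_base=$(ver_base "$1"); b_base=$(ver_base "$2")
    a_rev=$(ver_rev "$1");   b_rev=$(ver_rev "$2")
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_part=${a_base%%.*}; b_part=${b_base%%.*}
        [ "${a_part:-0}" -lt "${b_part:-0}" ] && return 0
        [ "${a_part:-0}" -gt "${b_part:-0}" ] && return 1
        # Drop the component just compared.
        case "$a_base" in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case "$b_base" in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
    done
    # Bases are equal: the revision decides.
    [ "$a_rev" -lt "$b_rev" ]
}

# Succeeds if the given version falls in the advisory's vulnerable range.
libxml2_is_vulnerable() { ver_lt "$1" "$FIXED"; }

# When run with a version argument, report the result.
if [ $# -gt 0 ]; then
    if libxml2_is_vulnerable "$1"; then
        echo "dev-libs/libxml2-$1: vulnerable (< $FIXED)"
    else
        echo "dev-libs/libxml2-$1: not affected (>= $FIXED)"
    fi
fi
```

Pass the installed version of dev-libs/libxml2 as the single argument; the revision suffix matters here because 2.9.1 through 2.9.1-r3 are still in the vulnerable range.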